[nickphx]

No, you were not seeing spoofed traffic. There are that many compromised machines actively scanning.

[stevendgarcia]

It's scary to admit this but you are probably right. The first thing these bots do is use server resources to scan ports and brute force their way into other machines. I don't want to think about how many machines are pwned like this. Very sobering!

[snazz]

This is also perfectly normal for the Internet, yes? If you have a server with an IPv4 address, expect many attempts per day.